FFmpeg is prone to a stack-based buffer overflow vulnerability.
Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users. Due to the nature of this issue, code execution may be possible but this has not been confirmed.
FFmpeg 3.3 is vulnerable.
Information
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References:
- avcodec/xpmdec: Fix multiple pointer/memory issues (FFmpeg)
- FFmpeg Homepage (FFmpeg)
- Reproducing OSS-Fuzz issues (Google)
- ffmpeg: Stack-buffer-overflow in color_string_to_rgba (Chromium)